Cancel changes

Description

There is no mechanism for Signing powershell MID Server Script Files (ecc_agent_script_file), and these are used by several out-of-box activities included in Orchestration Activity Packs, and powershell based activities in other out-of-box Orchestration workflows.

These scripts need to be allow to run "Unrestricted" execution policy to work currently.

Some customers have policies that have this as a requirement, e.g. Defense Information Security Agency (DISA) Security Technical Implementation Guidelines (STIG) suggest that all Powershell scripts should be Signed.

If an "AllSigned" or "remotesigned" policy is enforced on servers automatically, then these activities will fail to run, with an error like:Error encountered when invoking PowerShell, the result from running '"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"...

A Microsoft SCCM Server will have "remotesigned" execution policy by default, and need that policy made less secure to run Client Software Distribution workflows.

Steps to Reproduce

Set powershell execution policy to AllSigned or RemoteSigned on the MID Server host

Attempt to run any powershell activity on it

Workaround

This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information will become available.

The only workaround is to set the powershell execution policy to "Unrestricted".

Related Problem: PRB1349797

Seen In

SR - IRM - Audit Management - New York 2019 Q3

SR - IRM - GRC Profiles - Madrid 2019 Q2

SR - IRM - GRC Workbench - New York 2019 Q3

SR - IRM - Policy and Compliance - Madrid 2019 Q2

SR - IRM - Risk Management - New York 2019 Q3

SR - IRM - SIG Assessment Legacy - Madrid 2019 Q1

SR - IRM - Vendor Risk Management - Madrid 2019 Q1

SR - ITOM - Fundamentals Istanbul Jakarta Kingston r1 - v5.99.6

SR - Security - Integration Framework - Madrid 2019 Q2

SR - Security - Support Common - Madrid 2019 Q2

SR - Security - Support Orchestration - Madrid 2019 Q2

SR - SIR - Security Incident Response - Madrid 2019 Q2

SR - SIR - Security Incident Response PA Content - New York 2019 Q3

SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2

SR - SIR - Store Threat Core - Madrid 2019 Q2

SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3

SR - SIR - Threat intelligence - New York 2019 Q3

SR - VR - Vulnerability Response - New York 2019 Q3

SR - VR - Vulnerability Response PA Content - Madrid 2019 Q2

Intended Fix Version

Orlando

Safe Harbor Statement

This "Intended Fix Version" information is meant to outline ServiceNow's general product direction and should not be relied upon in making a purchasing decision. The information provided here is for information purposes only and may not be incorporated into any contract. It is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at ServiceNow's sole discretion.